ExportParameters returns Invalid type specified error

Some time ago a customer of mine was trying to export the private key associated to a certificate stored in a smart card, and for that he was trying to use the RSACryptoServiceProvider.ExportParameters method with a code like the following:

System.Security.Cryptography.X509Certificates.X509Certificate2 cert = GetCert(certName);
RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)cert.PrivateKey;
RSAParameters params = rsa.ExportParameters(true);

But ExportParameters was returning the following exception:

System.Security.Cryptography.CryptographicException: Invalid type specified

To troubleshoot this error, we took traces with the following debugger script of mine: CryptoAPI Tracer script.

With those traces we saw that the error came from CryptExportKey API. The reason of the error was that the third-party Cryptographic Service Provider (CSP) associated to the certificate won’t allow us to export the private keys from the smart card. This actually makes sense if we think about the main purpose of smart cards in this scenario: hold private keys which can only be accessed directly from the smart card whenever they are needed to sign or decrypt data.

Read more: Decrypt my World

Posted via email from .NET Info